Identity Verification is the REAL Failure
Much of the news media reports the theft of “hundreds of millions” of dollars from the Washington state unemployment fund as if it were a computer hack. That’s not the case.
In May to July of 2017, the Equifax credit monitoring service had THEIR database hacked. The data and financial records of over 140 million Americans was stolen. Every state and the federal government knew that data could be used in many, many illegal ways. Private businesses knew as well, needing to implement security systems to protect their customers.
Security experts indicated the core problem for businesses and government agencies, would be verifying the identify of people seeking access to bank accounts, requesting loans, investment accounts, and a host of other financial accounts. This would apply to people filing tax returns and also people seeking unemployment benefits.
Private businesses have successfully implemented a host of ways to verify the identity of individuals. Most people have become accustomed to logging into a bank or investment account and having that financial institution either call you or text you a PIN that must be entered within a limited amount of time to access the account. People are used to security questions like “place of birth” or “mother’s maiden name” or “color of your first car”, all being part of security systems to prevent the wrong people from being able to access financial accounts. Some systems use biometric verification – a finger print or a graphic of your eyes or face, to verify who you are.
In the airline industry, the Transportation Security Administration created a government database. The airlines provide the TSA with a photo and other pertinent data on each individual seeking access to airports and airplanes. The airline employee presents a unique security badge that not only has a photo, their airline and suitable identification data. The employee also uses a unique scanned code. The TSA database pulls up the information, including the photo of the individual. A human security agent verifies that the photos and description match the individual standing in front of the TSA agent. If they match, the person is granted access to the airport’s secure area. I know, because I helped in proposing the original design of the “identity verification system” to the Department of Transportation in the aftermath of 911.
Yet apparently the Washington Employment Security Division (ESD) didn’t learn from private industry. The EDS didn’t learn from other government agencies security provisions. The ESD failed to implement suitable safeguards into their systems.
The Washington Employment Security Division requested and received $44 million to upgrade their systems in 2017. Apparently, those ‘upgrades’ did not include processes to verify the identity of citizens requesting unemployment benefits. After spending taxpayer’s money, there were numerous “red flags” that identified weaknesses in the EDS systems and processes. Those red flags were ignored by the Inslee administration.
As the Washington Policy Center reported (here): “If a bank approached its customers and said the only requirement for accessing an account was a name, birth date and social security number, the bank would soon be out of business. No one would use the bank out of a justified fear that their money would be stolen. That is how the un-employment benefit system worked in Washington until recently.”
Today, “hundreds of millions” of dollars belonging to Washington citizens has been stolen by Nigerian scam artists who purchased that previously stolen Equifax data on the dark web. They presented real citizens names, addresses, birthdays, and other vital information, requesting unemployment benefits. Unable to verify the actual identity of these scam artists, and under direction from Governor Inslee to pay benefits quickly, ESD bureaucrats gave away the money belonging to legitimate Washington state citizens.
At one point, over 300,000 Washington citizens were waiting to received their earned unemployment benefits. While that backlog has been reduced, it appears the median wait time has been around 8 weeks for these people to receive their money. A news report from June 13th indicates 35,000 citizens unemployment benefit claims remain on hold, and may not be resolved until the end of June.
This is an abominable failure of government to serve the people. It’s a failure of leadership. We need accountability for the inability of government bureaucrats to verify the identities of people they are giving hundreds of million of your dollars to. Verification of an individual’s identity should be “easy, quick, and secure”. Private businesses do it every day.
Governor Inslee shut down our state’s economy. Yet he and his administration have failed to protect the citizens he is supposed to be serving. It’s time for a change in Olympia.